CVE-2024-5261

9.8 CRITICAL

📋 TL;DR

LibreOfficeKit mode in LibreOffice versions before 24.2.4 disables TLS certificate verification when fetching remote resources via curl, allowing man-in-the-middle attacks. This affects third-party applications using LibreOffice as a library for document conversion or viewing. The vulnerability is specific to LibreOfficeKit mode and does not impact standard LibreOffice usage.

💻 Affected Systems

Products:
  • LibreOffice
Versions: before 24.2.4
Operating Systems: All operating systems supported by LibreOffice
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects LibreOfficeKit mode; standard LibreOffice usage is not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers intercept and manipulate document content, inject malicious code, or steal sensitive data during remote resource fetching, leading to data breaches or system compromise.

🟠 Likely Case: Man-in-the-middle attacks result in data tampering or exposure of confidential information in documents fetched from untrusted sources.

🟢 If Mitigated: With proper network segmentation and trusted sources, risk is limited to potential data integrity issues in isolated environments.

🌐 Internet-Facing: HIGH, as internet-exposed applications using LibreOfficeKit could fetch resources from external servers, making them vulnerable to interception.
🏢 Internal Only: MEDIUM, as internal network attacks are possible if attackers gain network access, but may be less likely than external threats.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW. Exploitation only requires intercepting network traffic, but specific conditions must hold (LibreOfficeKit mode in use and a remote resource being fetched).

Exploitation depends on network access and the use of LibreOfficeKit to fetch resources from untrusted locations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.2.4 or later

Vendor Advisory: https://www.libreoffice.org/about-us/security/advisories/cve-2024-5261

Restart Required: Yes

Instructions:

1. Download LibreOffice version 24.2.4 or newer from the official website.
2. Install the update, replacing the old version.
3. Restart any applications using LibreOfficeKit to apply the fix.

🔧 Temporary Workarounds

Disable LibreOfficeKit Remote Fetching (all platforms)

Prevent LibreOfficeKit from fetching remote resources by configuring applications to use local resources only.

Configure application settings to disable network access for LibreOfficeKit functions.

🧯 If You Can't Patch

  • Restrict network access to only trusted sources for applications using LibreOfficeKit.
  • Monitor network traffic for unauthorized TLS interception or unusual connections from LibreOffice processes.

🔍 How to Verify

Check if Vulnerable:

Check if LibreOffice version is below 24.2.4 and confirm LibreOfficeKit mode is enabled in the application.

Check Version:

libreoffice --version

Verify Fix Applied:

Verify LibreOffice version is 24.2.4 or higher and test that TLS certificate verification is enabled in LibreOfficeKit mode.
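The version check above, as an added example that is not part of the advisory: a POSIX sh script that parses the first dotted version number from `libreoffice --version` output and compares it component-wise against the fixed release 24.2.4. It assumes the output looks like "LibreOffice 24.2.3.2 420(Build:2)" (a constructed sample); the function names and the `--check` flag are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): is the installed LibreOffice below
# the CVE-2024-5261 fix version 24.2.4?
# Assumption: `libreoffice --version` prints a line such as
# "LibreOffice 24.2.3.2 420(Build:2)"; the first dotted number is the version.

FIXED_VERSION="24.2.4"

# extract_version "<--version output>" -> prints the first dotted number, e.g. 24.2.3.2
extract_version() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[0-9]+(\.[0-9]+)+$/) { print $i; exit }
    }'
}

# version_lt A B -> exit 0 if A < B, comparing numeric components left to right;
# missing trailing components count as 0 (so 24.2.4 == 24.2.4.0).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, "."); nb = split(b, B, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] + 0 : 0;
            y = (i <= nb) ? B[i] + 0 : 0;
            if (x < y) exit 0;
            if (x > y) exit 1;
        }
        exit 1;
    }'
}

# is_vulnerable_version "24.2.3.2" -> exit 0 when below the fix, 1 when fixed
is_vulnerable_version() {
    version_lt "$1" "$FIXED_VERSION"
}

# check_installed: query the real binary on PATH and print a verdict.
# Exit status: 0 vulnerable, 1 fixed, 2 binary not found.
check_installed() {
    out=$(libreoffice --version 2>/dev/null) || { echo "libreoffice not found on PATH"; return 2; }
    v=$(extract_version "$out")
    if is_vulnerable_version "$v"; then
        echo "VULNERABLE: LibreOffice $v is below $FIXED_VERSION (CVE-2024-5261)"
        return 0
    fi
    echo "OK: LibreOffice $v is $FIXED_VERSION or newer"
    return 1
}

# Usage: sh lo_check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_installed
fi
```

The version number alone only tells you whether the build contains the fix; it does not tell you whether the application in front of you runs LibreOffice in LibreOfficeKit mode, which is the other condition the advisory names, so pair this check with a review of how the host application embeds LibreOffice.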

📡 Detection & Monitoring

Log Indicators:

  • Log entries showing failed TLS certificate validations or warnings in LibreOfficeKit mode.

Network Indicators:

  • Unencrypted or suspicious TLS connections from LibreOffice processes to remote servers.

SIEM Query:

Example: source="libreoffice" AND (event="tls_error" OR event="certificate_verification_failed")
